Payment security is an ongoing concern for those who make payments in-person, online, and through their mobile devices. But, it becomes an even greater worry for the businesses that accept payments and become liable for any security breaches or fraud. According to a report by the Identity Theft Resource Center, although the number of U.S. data breach decreased 23 percent from 2017 to 2018, the number of exposed records increased 126 percent year over year. That pressure to provide the most secure payment process possible has companies continually seeking better security technology.
There are two points in the payment process where sensitive cardholder data is at the greatest risk of exposure or theft. The first is pre-authorization when the merchant has the consumer’s data and it is being sent or waiting to be sent to the acquirer/processor. The second is post-authorization when cardholder data has been sent back to the merchant with the authorization response from the acquirer/processor.
Tokenization is one security solution that addresses both these vulnerabilities and is now going mainstream in terms of its adoption rate. Here’s why a business should consider adding this security technology to their payment process.
What is Tokenization?
Tokenization involves replacing the sensitive data involved in a payment transaction with some type of replacement value that represents what was in that data. Should a hacker attempt to take that data, they will only receive these replacement information in the form of unique identification symbols that is of no value to them.
The process of tokenization involves a token vault that stores the primary account information that the thieves want but cannot access. Once the card issuer provides authorization for payment, a unique token number with an expiration data is created and returned to the merchant’s payment system rather than the primary account number. After it is used, this token is no longer usable.
To illustrate how tokenization differs from encryption, it is encryption that uses an algorithm to create an encrypted code. However, that code can be decoded if a hacker can crack the algorithm. This is nearly impossible to do with tokenization.
Benefits of Tokenization Adoption
Besides adding a layer of security to credit card transactions, tokenization offers a seamless experience that consumers want. Those using it have reported lower subscription churn and heightened security that improves brand reputation and trust.
There is growing capability to also align the same token to an individual’s credit card even after the 16-digit number on that credit card has expired. This means that merchants already have an individual’s payment information and keep billing for things like subscriptions in a seamless way despite an expiration of the physical credit card. Then, consumers don’t have to update their personal details, which often can add up to numerous merchants. Time is money, and customers appreciate not having to spend their time on such tasks.
Although there is no guarantee that tokenization will protect a merchant from a breach, it does minimize the financial impact for both consumers and merchants. Tokenization helps merchants comply with the global Payment Card Industry Data Security Standard (PCI DASS).
Also, tokenization works with most current point-of-sale equipment and mPOS, e-wallets, and payment apps. Tokens have become a preferred security tool for contactless payment applications like the magnetic technology used in Samsung Pay, Apple Pay, and Android Pay as well as NFC (near-field communication) and sound-based payment systems.
But, that’s not all in terms of the benefits of adopting tokenization. With network tokenization, you get a more detailed view of how customers behave, including improving how you track their purchase behavior across devices. This can provide an additional way to personalize your marketing efforts and loyalty programs for better results. You’ll also be able to customize the checkout experience for all payment channels.
Signs of Mass Adoption
Tokenization is becoming a mainstream payment security solution. For example, the Forrester Wave Data Security and Privacy Report listed it as one of the highest business value investments to make. Also, trusted business publications like Forbes called it one of the hottest data security technologies available.
Now, major card companies like Visa, Mastercard, and American Express have incorporated their own token system. Third-party payment gateways, including BluePay, offer payment protection through tokenization.
Time to Explore Your Options
If you accept payments of any kind from your customers, then this is the time to research and understand how tokenization can lower the risk for you and your customers.